我在装有Ubuntu操作系统的机器上安装了Docker。 当我跑步时:
sudo docker run hello-world
一切都很好,但是我想隐藏sudo命令以使该命令更短。 如果我写的命令没有sudo
docker run hello-world
显示如下:
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.35/containers/create: dial unix /var/run/docker.sock: connect: permission denied. See 'docker run --help'.
当我试图跑步时,同样的情况也会发生:
docker-compose up
我该如何解决这个问题?
当前回答
Docker守护进程绑定到Unix套接字,而不是TCP端口。 默认情况下,Unix套接字由root用户拥有,其他用户只能使用sudo访问它。Docker守护进程始终以根用户运行。
如果不想在docker命令前面加上sudo,可以创建一个名为docker的Unix组,并向其中添加用户。当Docker守护进程启动时,它会创建一个Unix套接字,供Docker组的成员访问。
创建docker组并添加用户:
Create the docker group sudo groupadd docker Add your user to the docker group sudo usermod -aG docker $USER Log out and log back in so that your group membership is re-evaluated. If testing on a virtual machine, it may be necessary to restart the virtual machine for changes to take effect. On a desktop Linux environment such as X Windows, log out of your session completely and then log back in. On Linux, you can also run the following command to activate the changes to groups: newgrp docker Verify that you can run docker commands without sudo. The below command downloads a test image and runs it in a container. When the container runs, it prints an informational message and exits docker run hello-world
如果您在将用户添加到Docker组之前首先使用sudo运行Docker CLI命令,您可能会看到以下错误,这表明您的~/。由于sudo命令,创建的Docker /目录权限不正确。
WARNING: Error loading config file: /home/user/.docker/config.json -
stat /home/user/.docker/config.json: permission denied
要解决这个问题,要么删除~/。Docker /目录(它会自动重新创建,但任何自定义设置都将丢失),或使用以下命令更改其所有权和权限:
sudo chown "$USER":"$USER" /home/"$USER"/.docker -R
sudo chmod g+rwx "$HOME/.docker" -R
linux上docker的所有其他后期安装步骤都可以在这里找到https://docs.docker.com/engine/install/linux-postinstall/
其他回答
在Centos上安装Docker后。在运行下面的命令时,我得到下面的错误。
[centos@aiops-dev-cassandra3 ~]$ docker run hello-world
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.soc k/v1.40/containers/create: dial unix /var/run/docker.sock: connect: permission denied.
See 'docker run --help'.
修改docker.socket的Group和Permission
[centos@aiops-dev-cassandra3 ~]$ ls -l /lib/systemd/system/docker.socket
-rw-r--r--. 1 root root 197 Nov 13 07:25 /lib/systemd/system/docker.socket
[centos@aiops-dev-cassandra3 ~]$ sudo chgrp docker /lib/systemd/system/docker.socket
[centos@aiops-dev-cassandra3 ~]$ sudo chmod 666 /var/run/docker.sock
[centos@aiops-dev-cassandra3 ~]$ ls -lrth /var/run/docker.sock
srw-rw-rw-. 1 root docker 0 Nov 20 11:59 /var/run/docker.sock
[centos@aiops-dev-cassandra3 ~]$
使用以下docker命令进行验证
[centos@aiops-dev-cassandra3 ~]$ docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
1b930d010525: Pull complete
Digest: sha256:c3b4ada4687bbaa170745b3e4dd8ac3f194ca95b2d0518b417fb47e5879d9b5f
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
[centos@aiops-dev-cassandra3 ~]$
你可以尝试在https://docs.docker.com/install/linux/linux-postinstall/文档中以非根用户的身份管理Docker。
在这样做之后,如果问题仍然存在,那么您可以运行以下命令来解决它:
sudo chmod 666 /var/run/docker.sock
一个简单的破解方法就是以“超级用户”的身份执行。
要访问超级用户或root用户,请执行以下命令:
在user@computer:
$sudo su
输入密码后,你将进入root@computer:
$docker run hello-world
这肯定不是问题所在,但由于它是谷歌错误消息时的第一个搜索结果,所以我就把它留在这里。
首先,使用以下命令检查docker服务是否正在运行:
Systemctl status docker.service
如果它没有运行,试着启动它:
Sudo systemctl start docker.service
... 并再次检查状态:
Systemctl status docker.service
如果还没有启动,请调查原因。可能,您修改了配置文件并犯了一个错误(就像我在修改/etc/docker/daemon.json时所做的那样)。
安装docker后,创建“docker”组并将用户添加到其中,编辑docker服务单元文件:
sudo nano /usr/lib/systemd/system/docker.service
在部分[Service]中添加两行:
SupplementaryGroups=docker
ExecStartPost=/bin/chmod 666 /var/run/docker.sock
保存文件(Ctrl-X, y, Enter)
运行并启用Docker服务:
sudo systemctl daemon-reload
sudo systemctl start docker
sudo systemctl enable docker
